bank-vaults
postgres-operator
bank-vaults | postgres-operator
---|---
10 | 33
0 | 3,719
- | 1.9%
0.0 | 9.0
8 months ago | 5 days ago
Go | Go
Apache License 2.0 | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bank-vaults
- Self-hosted Secrets Manager (or something alike)
There's https://github.com/banzaicloud/bank-vaults which is a wrapper for hashivault, so not exactly what you're looking for but worth looking into.
- Secrets Management on Kubernetes: How do you handle it?
https://github.com/banzaicloud/bank-vaults. Mind you, after Cisco bought Banzai, work on this project seems to have stopped. It works very well for us though.
- Secrets Management with Hashicorp Vault - which integration point to use? Sidecar Injector? ESO?
We are using Banzai Bank Vaults Webhook and we’re very happy with it.
- Project: Running a local cluster with TLS, ArgoCD GitOps, Vault and a PostgreSQL operator
If you ever want to see vault at that kind of level check out bank-vaults. Overkill for many, but it sounds like a decent fit for what you've already got in place and might reduce the boilerplate.
- Run a pod in a namespace without having access to its secrets?
Use vault-env (we use https://github.com/banzaicloud/bank-vaults) to inject the secret as an ENV var to the pod at runtime, based on Vault's Kubernetes auth.
- Secrets storage best practices
We use bank vault to inject secrets as environment variables. This does not require changes to the app. A sidecar is automatically added to the pod to retrieve the secrets and inject them in the app runtime. Here’s the link https://github.com/banzaicloud/bank-vaults
- How to manage passwords in Helm
- Homelab: Cluster Architecture
- Kubernetes authentication from multiple, external clusters
I can follow up with examples if you'd like. You might like BanzaiCloud's Bank Vaults. We personally only use the Configurer component which just provides useful mechanisms to dynamically, or once off, configure Vault via data structures we supplied via ConfigMap.
- Secrets Managers for Kubernetes (Vault (Hashi), Conjur (CyberArk), Platform Specific, etc)
Encrypted secrets can't be more than a temporary solution. That's why I'm not a fan of SOPS/Sealed Secrets/etc. I think the future for both security and usability is dynamic injection. Vault is the dopeness but I'm not a fan of the upstream Vault Injector -- shared volumes are a step backwards. It's all about the BanzaiCloud Vault Webhook -- secrets **only ever available to the running process**, rotation means: update the value in vault and bounce the pod, done. This is the way.
postgres-operator
- No disk space crashloop but pod healthy · Issue #3788 · CrunchyData/postgres-operator
- Deploying Postgres on Kubernetes in production
- Anyone using cloudnativepg in production?
- Jolt v0.5.2 is available!
As for the Operators, I've been using Crunchy PGO, which is very high quality, and one of the most widely used. You can install it via Helm, or via OLM from OperatorHub. There are other good ones as well, but none that I have experience with. The only issue I've run into so far is I've had to disable TLS on the database cluster, as Prowlarr refused to connect with it for some reason (Radarr was fine). I still need to open an issue with the Prowlarr team about that, but I might switch to a service mesh for TLS anyway.
- Can someone share experience configuring Highly Available PgSQL?
The Crunchy operator, seemingly like most (if not all) of the other Postgres operators (Zalando, KubeDB, and StackGres, etc.), is essentially a wrapper for Patroni. IMO if someone wanted a Patroni cluster, they would just build one. The point of an operator is to manage the cluster resources and node relationships, so why not have it take the role Patroni is filling here? It's already reaching into the nodes, obtaining status, managing the routing, etc., so why add the extra layer?
- Questions about Kubernetes
On the topic of Postgres, you should look into an operator or Helm chart that can set up common things (like replication and auto-failover), such as Crunchy's Postgres operator, or consider using a "cloud-native" distributed database like CockroachDB (disclaimer: I am a Cockroach Labs employee) which has its own operator as well. Another word of warning, running stateful services, particularly mission critical databases, can require a lot of maintenance work (it's my full-time job), so unless this is for a hobby project, I would highly recommend you look into using a managed database offering. Every major cloud provider and most database companies have one.
- My girlfriend left me... I have a K8S cluster, argocd, longhorn, traefik, metallb, on 3 optiplex mff with proxmox... This is the start gentlemen, I'll post back in 1 year. This dashboard will be full my friends, I promise, see you in the rabbit hole o/
For postgres you can also have a look at PGO or bitnami helm chart
- Databases on Kubernetes is fundamentally same as a database on a VM
Let's say a new Kubernetes version comes out in April. In November, as everything works perfectly well, you decide to install a Postgres operator on it. Bummer, it doesn't work. It's not a huge issue, you just wait until the bug is resolved (already done[0]), but it's just one of these tiny things that I don't get when running Postgres natively. And I'm saying this as a big fan of Crunchy Data running some production loads on it without a failure for quite some time now.
[0] https://github.com/CrunchyData/postgres-operator/issues/3476
- Are you running databases on Kubernetes?
There is one particular client that has a somewhat big database, 40-120 GB (it changes size over the year), and for that we used the CrunchyData Postgres operator (https://access.crunchydata.com/documentation/postgres-operator/v5/). We have no commercial relation with them, but oboi, let me tell you what a godsend that thing is. This database specifically processes massive data and it is distributed between several nodes in a read-write and read-only set, and let me tell you, it is amazing how easy it is to move things around, take backups, increase the capacity and a bunch of other goodies that the operator brings. Give it a try.
- Do people use DBs as Pods?
What are some alternatives?
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
kubegres - Kubegres is a Kubernetes operator allowing to deploy one or many clusters of PostgreSql instances and manage databases replication, failover and backup.
postgres-operator - Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
vault-csi-provider - HashiCorp Vault Provider for Secret Store CSI Driver
longhorn - Cloud-Native distributed storage built on and for Kubernetes
secrets-store-csi-driver-provider-azure - Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
postgres-operator - Production PostgreSQL for Kubernetes, from high availability Postgres clusters to full-scale database-as-a-service.
helm-charts - A curated set of Helm charts brought to you by codecentric
cloudnative-pg - CloudNativePG is a comprehensive platform designed to seamlessly manage PostgreSQL databases within Kubernetes environments, covering the entire operational lifecycle from initial deployment to ongoing maintenance
k3s-home-cluster - Sets up a Kubernetes cluster using Ansible
k3s - Lightweight Kubernetes